New in version 1.4

May 13th, 2015

New features:

Tor Browser 4.5 now has a security slider that you can use to disable browser features, such as JavaScript, as a trade-off between security and usability. The security slider is set to low by default to provide the same level of security as previous versions and the most usable experience.

We disabled in Tails the new circuit view of Tor Browser 4.5 for security reasons. You can still use the network map of Vidalia to inspect your circuits.

Tails OpenPGP Applet now has a shortcut to the gedit text editor, thanks to Ivan Bliminse.

Paperkey lets you print a backup of your OpenPGP secret keys on paper.

Upgrades and changes:

Tor Browser 4.5 protects better against third-party tracking. Often when visiting a website, many connections are created to transfer both the content of the main website (its page, images, and so on) and third-party content from other websites (advertisements, Like buttons, and so on). In Tor Browser 4.5, all such content, from the main website as well as the third-party websites, goes through the same Tor circuits. And these circuits are not reused when visiting a different website. This prevents third-party websites from correlating your visits to different websites.

Tor Browser 4.5 now keeps using the same Tor circuit while you are visiting a website. This prevents the website from suddenly changing language, behavior, or logging you out.

Disconnect is the new default search engine. Disconnect provides Google search results to Tor users without captchas or bans.

Better support for Vietnamese in LibreOffice through the installation of fonts-linuxlibertine.

Disable security warnings when connecting to POP3 and IMAP ports that are mostly used for StartTLS nowadays.

Support for more printers through the installation of printer-driver-gutenprint.

Upgrade Tor to 0.2.6.7.

Upgrade I2P to 0.9.19 that has several fixes and improvements for floodfill performance.

Remove the obsolete #i2p-help IRC channel from Pidgin.

Remove the command line email client mutt and msmtp.

There are numerous other changes that might not be apparent in the daily operation of a typical user.

Fixed problems:

Make the browser theme of the Windows 8 camouflage compatible with the Unsafe Browser and the I2P Browser.

Remove the Tor Network Settings... from the Torbutton menu.

Better support for Chromebook C720-2800 through the upgrade of syslinux.

Fix the localization of Tails Upgrader.

Fix the OpenPGP key servers configured in Seahorse.

Prevent Tor Browser from crashing when Orca is enabled.

New in version 1.4 RC1 (May 4th, 2015)

Major new features:

Upgrade Tor Browser to 4.5, which introduces many major new features for usability, security and privacy. Unfortunately its per-tab circuit view did not make it into Tails yet since it requires exposing more Tor state to the user running the Tor Browser than we are currently comfortable with. (Closes: ticket #9031)

Upgrade Tor to 0.2.6.7-1~d70.wheezy+1+tails2. Like in the Tor bundled with the Tor Browser, we patch it so that circuits used for SOCKSAuth streams have their lifetime increased indefinitely while in active use. This currently only affects the Tor Browser in Tails, and should improve the experience on certain websites that otherwise would switch language or log you out every ten minutes or so when Tor switches circuit. (Closes: ticket #7934)

Security fixes:

Upgrade Linux to 3.16.7-ckt9-3.

Upgrade curl to 7.26.0-1+wheezy13.

Upgrade dpkg to 1.16.16.

Upgrade gstreamer0.10-plugins-bad to 0.10.23-7.1+deb7u2.

Upgrade libgd2-xpm to 2.0.36~rc1~dfsg-6.1+deb7u1.

Upgrade openldap to 2.4.31-2.

Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u4.

Upgrade libruby1.9.1 to 1.9.3.194-8.1+deb7u5.

Upgrade libtasn1-3 to 2.13-2+deb7u2.

Upgrade libx11 to 2:1.5.0-1+deb7u2.

Upgrade libxml-libxml-perl to 2.0001+dfsg-1+deb7u1.

Upgrade libxml2 to 2.8.0+dfsg1-7+wheezy4.

Upgrade OpenJDK to 7u79-2.5.5-1~deb7u1.

Upgrade ppp to 2.4.5-5.1+deb7u2.

Bugfixes:

Make the Windows 8 browser theme compatible with the Unsafe and I2P browsers. (Closes: ticket #9138)

Make sure the system clock isn't before the build date during early boot. Our live-config hook that imports our signing keys depend on that the system clock isn't before the date when the keys where created. (Closes: ticket #9149)

New in version 1.1.1 (September 2nd, 2014)

Add an I2P boot parameter. Without adding "i2p" to the kernel command line, I2P will not be accessible for the Live user. I2P was also upgraded to 0.9.14.1-1~deb7u+1, and stricter firewall rules are applied to it, among other security enhancements.

Don't install Gobby 0.4 anymore. Gobby 0.5 has been available in Debian since Squeeze, now is a good time to drop the obsolete 0.4 implementation.

Require a bit less free memory before checking for upgrades with Tails Upgrader. The general goal is to avoid displaying "Not enough memory available to check for upgrades" too often due to over-cautious memory requirements checked in the wrapper.

Make it possible to close error messages displayed by the persistent volume assistant (ticket #7119).

Fix some file associations, with a backport of shared-mime-info 1.3 (ticket #7079).

Minor improvements:

Various improvements to the Windows 8 camouflage.

Fix "Upgrade from ISO" functionality when run from a Tails system that ships a different version of syslinux than the one in the ISO (ticket #7345).

Ensure that the MBR matches the syslinux version used by the Tails release it is supposed to boot.

Help Universal USB Installer support Tails again, by include syslinux.exe for Windows in the ISO filesystem (ticket #7425).

Improve the Tails Installer user interface a bit.

Enable double-clicking to pick entries in the language or keyboard layout lists in Tails Greeter.

New in version 1.1 Beta 1 (May 30th, 2014)

Rebase on Debian 7 (Wheezy):

Upgrade literally thousands of packages.

Install LibreOffice instead of OpenOffice.

Fix write access to boot medium via udisks (ticket #6172).

Security fixes:

Upgrade Tor to 0.2.4.22.

Major new features:

Replace the Windows XP camouflage with an experimental Windows 8 one.

UEFI boot support. This allows you to boot Tails from USB sticks on recent hardware, and especially on Mac. It enables you to use great features such as persistence and ?automatic upgrades. If you experience problems, please have a look at the known issues for UEFI support.

Improve integration when run inside VirtualBox. This enables, for instance, more screen resolutions, host-guest file and clipboard sharing. Unfortunately, full functionality is only available when using the 32-bit kernel.

Backport the fix for bug #11464 on Tor Project's Trac. It adds client-side blacklists for all Tor directory authority keys that was vulnerable to Heartbleed. This protects clients in case attackers were able to compromise a majority of the authority signing and identity keys.

Fix link to the system requirements documentation page in the Tails Upgrader error shown when too little RAM is available.

Minor improvements:

Upgrade I2P to 0.9.12-2~deb6u+1.

Import TorBrowser profile. This was forgotten in Tails 0.23 and even though we didn't explicitly set those preferences in that release they defaulted to the same values. This future-proofs us in case the defaults would ever change.

Wait for Tor to have fully bootstrapped, plus a bit more time, before checking for upgrades (Closes: ticket #6728) and unfixed known security issues.

Disable the Intel Management Engine Interface driver (Closes: ticket #6460). We don't need it in Tails, it might be dangerous, and it causes bugs on various hardware such as systems that reboot when asked to shut down.

Add a launcher for the Tails documentation. This makes it available in Windows Camouflage mode (Closes: ticket #5374, ticket #6767).

Install 64-bit kernel instead of the 686-pae one (Closes: ticket #5456). This is a necessary first step towards UEFI boot support.

Install Monkeysign (in a not-so-functional shape yet).

Disable the autologin text consoles (Closes: ticket #5588). This was one of the blockers before a screen saver can be installed in a meaningful way (ticket #5684).

Don't localize the text consoles anymore: it is broken on Wheezy, the intended users can as well use loadkeys, and we now do not have to trust setupcon to be safe for being run as root by the desktop user.

Make it possible to manually start IBus.

Reintroduce the possibility to switch identities in the Tor Browser, using a filtering proxy in front of the Tor ControlPort to avoid giving full control over Tor to the desktop user (Closes: ticket #6383).

At ISO build time, set mtime to the epoch for large files whose content generally does not change between releases. This forces rsync to compare the actual content of these files, when preparing an IUK, instead of blindly adding it to the IUK merely because the mtime has changed, while the content is the same.

Make local hooks logging consistent.

Test suite:

Migrate from JRuby to native Ruby + rjb.

The test suite can now be run on Debian Wheezy + backports.

Fix buggy "persistence is not enabled" step (Closes: ticket #5465).

Use IPv6 private address as of RFC 4193 for the test suite's virtual network. Otherwise dnsmasq from Wheezy complains, as it is not capable of handling public IPv6 addresses.

Delete volumes after each scenario unless tagged @keep_volumes.

Add an anti-test to make sure the memory erasure test works fine.

A *lot* of bugfixes, simplifications and robustness improvements.

New in version 0.22.1 (February 4th, 2014)

Security fixes:

Update NSS to 3.14.5-1~bpo60+1.

Major improvements:

Check for upgrades availability using Tails Upgrader, and propose to apply an incremental upgrade whenever possible.

Install Linux 3.12 (3.12.6-2).

Bugfixes:

Fix the keybindings problem introduced in 0.22.

Fix the Unsafe Browser problem introduced in 0.22.

Use IE's icon in Windows camouflage mode.

Handle some corner cases better in Tails Installer.

Minor improvements:

Update Tor Browser to 24.2.0esr-1+tails1.

Update Torbutton to 1.6.5.3.

Do not start Tor Browser automatically, but notify when Tor is ready.

Import latest Tor Browser prefs.

Many user interface improvements in Tails Upgrader.

New in version 0.22.1 RC1 (January 11th, 2014)

Security fixes:

Update NSS to 3.14.5-1~bpo60+1.

Major improvements:

Check for upgrades availability using Tails Upgrader, and propose to apply an incremental upgrade whenever possible.

Install Linux 3.12 (3.12.6-2).

Bugfixes:

Fix the keybindings problem introduced in 0.22.

Fix the Unsafe Browser problem introduced in 0.22.

Use IE's icon in Windows camouflage mode.

Handle some corner cases better in Tails Installer.

Minor improvements:

Update Tor Browser to 24.2.0esr-1+tails1.

Update Torbutton to 1.6.5.3.

Do not start Tor Browser automatically, but notify when Tor is ready.

Import latest Tor Browser prefs.

Many user interface improvements in Tails Upgrader.

New in version 0.22 (December 12th, 2013)

Security fixes:

Upgrade to Iceweasel 24.2.0esr that fixes a few serious security issues.

New in version 0.22 RC1 (December 2nd, 2013)

Upgrade to NSS 3.15.3 that fixes a few serious security issues affecting the browser.

Major improvements:

Switch to Iceweasel 24 and Torbutton 1.6.

Install Linux 3.11-2 (3.11.8-1).

Incremental upgrades are ready for beta-testing, stay tuned.

Bugfixes:

Fix Vidalia startup.

Disable DPMS screen blanking.

Fix checking of the persistent volume's ACL.

Sanitize more IP and MAC addresses in bug reports.

Do not fail USB upgrade when the "tmp" directory exists on the destination device.

Minor improvements:

Clearer warning when deleting persistent volume.

Use IBus instead of SCIM.

Always list optimal keyboard layout in the greeter.

Fix on-the-fly translation of the greeter in various languages.

Update I2P to 0.9.8.1 and rework its configuration.

New in version 0.21 (October 30th, 2013)

Security fixes:

Don't grant access to the Tor control port for the desktop user. Else, an attacker able to run arbitrary code as this user could obtain the public IP.

Don't allow the desktop user to directly change persistence settings. Else, an attacker able to run arbitrary code as this user could leverage this feature to gain persistent root access, as long as persistence is enabled.

Install Iceweasel 17.0.10esr with Torbrowser patches.

Patch Torbutton to make window resizing closer to what the design says.

New features:

Add a persistence preset for printing settings.

Support running Tails off more types of SD cards.

Minor improvements:

Add a KeePassX launcher to the top panel.

Improve the bug reporting workflow.

Prefer stronger ciphers when encrypting data with GnuPG.

Exclude the version string in GnuPG's ASCII armored output.

Use the same custom Startpage search URL than the TBB. This apparently disables the new broken "family" filter.

Provide a consistent path to the persistent volume mountpoint.

Localization:

Many translation updates all over the place.

New in version 0.21 RC1 (October 21st, 2013)

Security fixes:

Don't grant access to the Tor control port for the desktop user. Else, an attacker able to run arbitrary code as this user could obtain the public IP with a get_info command.

Don't allow the desktop user to directly change persistence settings. Else, an attacker able to run arbitrary code as this user could leverage this feature to gain persistent root access, as long as persistence is enabled.

Add a wrapper around TrueCrypt which displays a warning about it soon being deprecated in Tails.

Remove Pidgin libraries for all protocols but IRC and Jabber/XMPP. Many of the other protocols Pidgin support are broken in Tails and haven't got any security auditting.

Disable the pre-defined Pidgin accounts so they do not auto-connect on Pidgin start.

Include information about Alsa in WhisperBack reports.

Explicitly restrict access to ptrace. While this setting was enabled by default in Debian's Linux 3.9.6-1, it will later disabled in 3.9.7-1. It's unclear what will happen next, so let's explicitly enable it ourselves.

Do not display dialog when a message is sent in Claws Mail.

Sync iceweasel preferences with the Torbrowser's.

Localization:

Many translation updates all over the place.

Merge all Tails-related POT files into one, and make use of intltoolize for better integration with Transifex.

New in version 0.19 (June 27th, 2013)

New features:

Linux 3.9.5-1.

Iceweasel 17.0.7esr + Torbrowser patches.

Unblock Bluetooth, Wi-Fi, WWAN and WiMAX; block every other type of wireless device.

Bugfixes:

Fix write access to boot medium at the block device level.

tails-greeter l10n-related fixes.

gpgApplet: partial fix for clipboard emptying after a wrong passphrase was entered.

Minor improvements:

Drop GNOME proxy settings.

Format newly created persistent volumes as ext4.

GnuPG: don't connect to the keyserver specified by the key owner.

GnuPG: locate keys only from local keyrings.

Upgrade live-boot and live-config to the 3.0.x final version from Wheezy.

Localization: many translation updates all over the place.

Test suite:

Re-enable previously disabled boot device permissions test.

New in version 0.18 (May 19th, 2013)

New features:

Support obfs3 bridges.

Automatically install a custom list of additional packages chosen by the user at the beginning of every working session, and upgrade them once a network connection is established (technology preview).

Iceweasel:

Upgrade to Iceweasel 17.0.5esr-0+tails2~bpo60+1.

Update Torbrowser patches to current maint-2.4 branch (567682b).

Torbutton 1.5.2, and various prefs hacks to fix breakage.

HTTPS Everywhere 3.2

NoScript 2.6.6.1-1

Isolate DOM storage to first party URI, and enable DOM storage.

Isolate the image cache per url bar domain.

Update prefs to match the TBB's, fix bugs, and take advantage of the latest Torbrowser patches.

Make prefs organization closer to the TBB's, and generally clean them up.

Bugfixes:

Linux 3.2.41-2+deb7u2.

All Iceweasel prefs we set are now applied.

Bring back support for proxies of type other than obfsproxy.

Minor improvements:

Set kernel.dmesg_restrict=1, and make /proc// invisible and restricted for other users. It makes it slightly harder for an attacker to gather information that may allow them to escalate privileges.

Install gnome-screenshot.

Add a About Tails launcher in the System menu.

Install GNOME accessibility themes.

Use Getting started... as the homepage for the Tails documentation button.

Fix Tor reaching an inactive state if it's restarted in "bridge mode", e.g. during the time sync' process.

Iceweasel:

Update iceweasel to 10.0.11esr-1+tails1.

Update HTTPS Everywhere to version 3.0.4.

Update NoScript to version 2.6.

Fix bookmark to I2P router console.

Localization:

The Tails USB installer, tails-persistence-setup and tails-greeter are now translated into Bulgarian.

Update Chinese translation for tails-greeter.

Update Euskadi translation for WhisperBack.

New in version 0.12 (June 18th, 2012)

The Unsafe Web Browser, which has direct access to the Internet and can be used to login to captive portals usually found at libraries, Internet cafes and when using other publicly available Internet connections.

Windows camouflage can now be enabled via a check box in Tails Greeter. Tails' user interface is unfamiliar to most, which may attract unwanted attention when used in public places. This option makes Tails look more like Microsoft Windows XP in order to raise less suspicion.

Tor:

Upgrade to 0.2.2.37-1~~squeeze+1.

iceweasel:

Upgrade iceweasel to 10.0.5esr-1 (Extended Support Release).

Add a bookmark for the offline Tails documentation.

Internationalization:

The Tails website and documentation now has a (partial) Portuguese translation.

Hardware support:

Upgrade Linux to 3.2.20-1 (linux-image-3.2.0-2-amd64).

Software:

Do not install cryptkeeper anymore. See remove cryptkeeper for reason. Users of cryptkeeper are encouraged to migrate built-in persistence with the following one-time migration procedure:

Claws Mail: disable draft autosaving. When composing PGP encrypted email, drafts are saved back to the server in plaintext. This includes both autosaved and manually saved drafts.

tails-security-check-wrapper: avoid eating all memory when offline.

New in version 0.10 (January 6th, 2012)

Tor: upgrade to 0.2.2.35-1.

Iceweasel

Install Iceweasel 9.0 from the Debian Mozilla team's APT repository.

Update Torbutton to 1.4.5.1-1.

Support viewing any YouTube video that is available in HTML5 format.

Use Scroogle (any languages) instead of Scroogle (English only) when booted in English. Many users choose English because their own language is not supported yet; let's not hide them search results in their own language.

Install the NoScript Firefox extension; configure it the same way as the TBB does.

Disable third-party cookies. They can be used to track users, which is bad. Besides, this is what TBB has been doing for years.

Do not transparently proxy outgoing Internet connections through Tor. Instead drop all non-Torified Internet traffic. Hence applications has to be explicitly configured to use Tor in order to reach the Internet from now on.

Software

Upgrade Vidalia to 0.2.15-1+tails1. This version will not warn about new Tor versions (this is handled by Tails security check instead).

Upgrade MAT to 0.2.2-1~bpo60+1.

Upgrade VirtualBox guest software to 4.1.6-dfsg-2~bpo60+1, built against the ABI of X.Org backports.

Upgrade I2P to 0.8.11; the start script (which was broken in Tails 0.9) is now fixed.

Connect as root by default, to prevent fingerprinting when username was not specified.

Replace flawed FireGPG with a home-made GnuPG encryption applet; install a feature-stripped FireGPG that redirects users to the documentation, and don't run Seahorse applet anymore.

Blank screen when lid is closed, rather than shutting down the system. The shutdown "feature" has caused data losses for too many people, it seems. There are many other ways a Tails system can be shut down in a hurry these days.

Fix bug in the Pidgin nick generation that resulted in the nick "XXX_NICK_XXX" once out of twenty.

New in version 0.9 (November 17th, 2011)

Tor:

Upgrade to 0.2.2.34. This fixes CVE-2011-2768 and CVE-2011-2769 which prompted for manual updates for users of Tails 0.8.1.

Suppress Tor's warning about applications doing their own DNS lookups. Some users have reported concerns about these warnings, but it should be noted that they are completely harmless inside Tails as its system DNS resolver is Torified.

Linux 3.0.0-6, which fixed a great number of bugs and security issues.

Torbutton: upgrade to 1.4.4.1-1, including support for the in-browser "New identity" feature.

FireGPG: upgrade to 0.8-1+tails2. Users are notified that the FireGPG Text Editor is the only safe place for performing cryptographic operations, and these operations has been disabled in other places. Performing them outside of the editor opens up several severe attacks through JavaScript (e.g. leaking plaintext when decrypting, signing messages written by the attacker).

Replace CS Lite with Cookie Monster for cookie management. Cookie Monster has an arguably nicer interface, is being actively maintained and is packaged in Debian.

Software:

Install MAT, the Metadata Anonymisation Toolkit. Its goal is to remove file metadata which otherwise could leak information about you in the documents and media files you publish. This is the result of a Tails developer's suggestion for GSoC 2011, although it ended up being mentored by The Tor Project.

Upgrade WhisperBack to 1.5~rc1. Users are guided how to send their bug reports through alternative channels upon errors sending them. This will make bug reporting easier when there's no network connection available.

Upgrade TrueCrypt to 7.1.

Miscellaneous:

The date and time setting system was completely reworked. This should prevent time syncing issues that may prevent Tor from working properly, which some users have reported. The new system will not leave a fingerprintable network signature, like the old system did. Previously that signature could be used to identify who is using Tails (but not deanonymize them).

Erase memory at shutdown: run many instances of the memory wiper. Due to architectural limitations of i386 a process cannot access all memory at the same time, and hence a single memory wipe instance cannot clear all memory.

Saner keyboard layouts for Arabic and Russian.

Use Plymouth text-only splash screen at boot time.

New in version 2008.1-r1 (October 6th, 2008)

It has been reported that one of the advertised features of Incognito doesn't work in the 2008.1 release, the possibility to run Incognito in Microsoft Windows through the QEMU installation it ships with. The problem was a single backslash () in a script that the new QEMU version (0.9.1) didn't like, but which the previous version (0.9) didn't mind.

Because of this I'm releasing Incognito 2008.1 revision 1, which fixes this issue (plus a few unimportant cosmetic changes that no one really should notice or care about). Those of you that have already downloaded 2008.1 but don't use this feature do not need to download 2008.1-r1.

While every Incognito release is more or less a beta release at this stage, it has dawned to me that these kinds of silly mistakes probably can be avoided if there were some beta testers around and some sort of Quality Assurance procedure before every official release. At the moment the only one doing this is me, on two different systems plus the occasional system I happen to get my hands on, and in a few virtual machines (QEMU and VMWare). Clearly this is not good practice.

Would you like to be a beta tester for upcoming releases? If so, please send me an email (see the Contact section for how to do that). Right now I'm in particular interested in a few users of Microsoft Windows so that the above feature can be tested. I don't have access to a Microsoft Windows install myself and barely any one I know use it (great, isn't it!) so I cannot test this myself reliably.